Committer: Bazaar Package Importer
Author(s): Jamie Strandboge
Date: 2007-12-04 10:53:07 UTC
Revision ID: james.westby@ubuntu.com-20071204105307-ryd6h5vsj6ii3gun
Tags: 3.0-27ubuntu1.2
* SECURITY UPDATE: improper bounds on static buffer results in stack-based
  buffer overflow
* debian/patches/SECURITY_CVE-2007-5935.patch: make sure tmpbuf is allocated
  enough memory in texk/dvipsk/hps.c
* SECURITY UPDATE: temporary file race condition in dviljk due to use of
  tmpnam()
* SECURITY UPDATE: various buffer overflows in dviljk due to not checking
  memory boundaries
* debian/patches/SECURITY_CVE-2007-5936+5937.patch: use mkdtemp() if
  available in dvi2xx.c. Replace calls to strcpy() and do proper bounds
  checking in dvi2xx.*.
* Modify Maintainer value to match the DebianMaintainerField
  specification.
* debian/control: Build-Depends on libcairo2-dev
* References
  CVE-2007-5935
  CVE-2007-5936
  CVE-2007-5937